Policy-based application management
First Claim
1. A method comprising:
- configuring a first managed application installed on an electronic mobile device to operate in accordance with a set of one or more policy files defined independent of the managed application, wherein each policy file defines one or more access controls enforced by a mobile device management system on the electronic mobile device when the managed application is executing on the electronic mobile device;
receiving, by processing circuitry of the electronic mobile device, a copy command;
encrypting, by the processing circuitry and in response to the copy command, original data from the first managed application to form encrypted data, wherein the encrypting is performed based on encryption information identified in the one or more policy files; and
writing, by the processing circuitry and in response to the copy command, the encrypted data to a secure clipboard residing in memory of the electronic mobile device to enable a second managed application to subsequently read and decrypt the encrypted data from the secure clipboard, the secure clipboard residing at a location of the memory which is different than that of a general clipboard residing in the memory, the general clipboard being accessible by a set of unmanaged applications running on the electronic mobile device, and the secure clipboard being accessible only to a set of one or more managed applications identified by the one or more policy files, wherein the set of one or more managed applications comprises the first and second managed applications.
7 Assignments
0 Petitions
Accused Products
Abstract
Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user'"'"'s own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things.
501 Citations
13 Claims
-
1. A method comprising:
-
configuring a first managed application installed on an electronic mobile device to operate in accordance with a set of one or more policy files defined independent of the managed application, wherein each policy file defines one or more access controls enforced by a mobile device management system on the electronic mobile device when the managed application is executing on the electronic mobile device; receiving, by processing circuitry of the electronic mobile device, a copy command; encrypting, by the processing circuitry and in response to the copy command, original data from the first managed application to form encrypted data, wherein the encrypting is performed based on encryption information identified in the one or more policy files; and writing, by the processing circuitry and in response to the copy command, the encrypted data to a secure clipboard residing in memory of the electronic mobile device to enable a second managed application to subsequently read and decrypt the encrypted data from the secure clipboard, the secure clipboard residing at a location of the memory which is different than that of a general clipboard residing in the memory, the general clipboard being accessible by a set of unmanaged applications running on the electronic mobile device, and the secure clipboard being accessible only to a set of one or more managed applications identified by the one or more policy files, wherein the set of one or more managed applications comprises the first and second managed applications. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. One or more non-transitory computer readable media storing computer readable instructions that, when executed by an electronic mobile device having a memory, cause the device to perform:
-
configuring a first managed application installed on the electronic mobile device to operate in accordance with a set of one or more policy files defined independent of the managed application, wherein each policy file defines one or more access controls enforced by a mobile device management system on the electronic mobile device when any managed application is executing on the electronic mobile device; receiving, by the processing circuitry, a copy command; encrypting, by the processing circuitry and in response to the copy command, original data from the first managed application to form encrypted data, wherein the encrypting is performed based on encryption information identified in the one or more policy files; and writing, by the processing circuitry and in response to the copy command, the encrypted data to a secure clipboard residing in the memory to enable a second managed application to subsequently read and decrypt the encrypted data from the secure clipboard, the secure clipboard residing at a location of the memory which is different than that of a general clipboard residing in the memory, the general clipboard being accessible by a set of unmanaged applications running on the electronic mobile device, and the secure clipboard being accessible only to a set of one or more managed applications identified by the one or more policy files, wherein the set of one or more managed applications comprises the first and second managed applications. - View Dependent Claims (9, 10, 11, 12, 13)
-
Specification